Hello, The domainname.key contains your private key. You should never send that file to anyone, not even to buy a certificate. You would have sent domainname.csr to buy your certificate from trustico.com. You must have received a file containing a certificate from trustico.com. The file would contain a text like: -----BEGIN CERTIFICATE----- MIICQDCCAaugAwIBAgIBATALBgkqhkiG9w0BAQQwTjELMAkGA1UEAxMCb2sxCzAJBgNVBAsTAm9r .... V1z4O70HYTLLHA== -----END CERTIFICATE-----
Save that file as domainname.cer. You will now need to create a keystore file using the following command: openssl pkcs12 -inkey domainname.key -in domainname.cer -export -out domainname.pkcs12 When the command asks for password, please provide a password to secure your private key and keystore. Provide the same password each time it prompts. Once the command completes, you will see a file domainname.pkcs12 . This is a keystore containing both your private key and the certificate you received from trustico.com. This is a keystore of type PKCS12. OpenSSL does not support JKS keystores which the type required by Geronimo 2.0.x and older versions. Managing PKCS12 keystores is supported only in 2.1 of Geronimo. However PKCS12 keystores can be used for configuring HTTPS in Geronimo Tomcat distribution 2.0.x. Copy domainname.pkcs12 to <geronimo_home>/var/security . Once this is done, you can edit the HTTPS connector from admin console to use your keystore instead of geronimo-default. The fields you will need to modify are: 1. *keystoreFile : var/security/domainname.pkcs12 2. *keystorePass: <the password you entered with openssl pkcs12... command> 3. keystoreType: PKCS12 Once this is done, stop and start the HTTPS connector. Your server should now be using your new certificate. ++Vamsi ** On Jan 20, 2008 3:50 PM, alpha_one_x86 <[EMAIL PROTECTED]> wrote: > > I have generated my certificat and keyfile for apache 2.2 for do https by: > openssl genrsa -out domainname.key 1024 > and > openssl req -new -key domainname.key -out domainname.csr > I have found Keystores categorie. But I don't find how import my > domainname.key and my domainname.csr generated by previous command. > Can you help me? Thanks you. > -- > View this message in context: > http://www.nabble.com/use-https-if-I-have-already-tp14980201s134p14980201.html > Sent from the Apache Geronimo - Users mailing list archive at Nabble.com. > >
